diff options
| author | Josh Hoyt <josh@janrain.com> | 2006-01-30 20:36:03 +0000 |
|---|---|---|
| committer | Josh Hoyt <josh@janrain.com> | 2006-01-30 20:36:03 +0000 |
| commit | c9d453a80825a0eed95be9f5d753e213efe10c1e (patch) | |
| tree | ab3c38e142e3435084aad6fe9a7813be0eb6de1a /Auth | |
| parent | 26dd653f024d18139000f500b968beea1f3c2eab (diff) | |
| download | php-openid-c9d453a80825a0eed95be9f5d753e213efe10c1e.zip php-openid-c9d453a80825a0eed95be9f5d753e213efe10c1e.tar.gz php-openid-c9d453a80825a0eed95be9f5d753e213efe10c1e.tar.bz2 | |
[project @ Add trust root query handling tests]
Diffstat (limited to 'Auth')
| -rw-r--r-- | Auth/OpenID/TrustRoot.php | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/Auth/OpenID/TrustRoot.php b/Auth/OpenID/TrustRoot.php index 94e3b99..1e9df2c 100644 --- a/Auth/OpenID/TrustRoot.php +++ b/Auth/OpenID/TrustRoot.php @@ -201,11 +201,22 @@ function Auth_OpenID_matchTrustRoot($trust_root, $url) } } - // Check path matching + // Check path and query matching $base_path = $trust_root_parsed['path']; $path = $url_parsed['path']; - if (substr($path, 0, strlen($base_path)) != $base_path) { - return false; + if (!isset($trust_root_parsed['query'])) { + if (substr($path, 0, strlen($base_path)) != $base_path) { + return false; + } + } else { + $base_query = $trust_root_parsed['query']; + $query = @$url_parsed['query']; + $qplus = substr($query, 0, strlen($base_query) + 1); + $bqplus = $base_query . '&'; + if ($base_path != $path || + ($base_query != $query && $qplus != $bqplus)) { + return false; + } } // The port and scheme need to match exactly |